一键脚本:
curl -sS -O https://raw.githubusercontent.com/woniu336/open_shell/main/ophaproxy.sh && chmod +x ophaproxy.sh && ./ophaproxy.sh
验证
ulimit -n
haproxy脚本
curl -sS -O https://raw.githubusercontent.com/woniu336/open_shell/main/bt-cf/haproxy/setup_haproxy.sh && chmod +x setup_haproxy.sh && ./setup_haproxy.sh
验证
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
可以根据服务器核心数设置nbthread 1参数,例如4核心,则是nbthread 4
检查 HAProxy 服务状态:
systemctl status haproxy
重启
systemctl restart haproxy
ssh连接优化
# 配置 PAM
if grep -q "^UsePAM" /etc/ssh/sshd_config; then
sed -i 's/^UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config
else
echo "UsePAM yes" >> /etc/ssh/sshd_config
fi
# 禁用 X11 转发
if grep -q "^X11Forwarding" /etc/ssh/sshd_config; then
sed -i 's/^X11Forwarding.*/X11Forwarding no/' /etc/ssh/sshd_config
else
echo "X11Forwarding no" >> /etc/ssh/sshd_config
fi
# 禁用 DNS 查询
if grep -q "^UseDNS" /etc/ssh/sshd_config; then
sed -i 's/^UseDNS.*/UseDNS no/' /etc/ssh/sshd_config
else
echo "UseDNS no" >> /etc/ssh/sshd_config
fi
# 检查配置
sshd -t && systemctl restart sshd
以下是手动设置
系统调优
swap调整,根据情况调整vm.swappiness数值
# 1. 备份 sysctl.conf
cp /etc/sysctl.conf /etc/sysctl.conf.bak
# 2. 查找并显示所有包含 vm.swappiness 的文件
find /etc/sysctl.d/ /etc/sysctl.conf -type f -exec grep -l "vm.swappiness" {} \;
# 3. 从所有相关文件中删除 vm.swappiness 设置
sudo sed -i '/^vm.swappiness/d' /etc/sysctl.conf
sudo find /etc/sysctl.d/ -type f -name "*.conf" -exec sed -i '/^vm.swappiness/d' {} \;
# 4. 添加新的配置
echo "vm.swappiness = 1" | sudo tee /etc/sysctl.d/99-swap.conf
# 5. 重新加载所有配置
sudo sysctl --system
验证
sysctl vm.swappiness
查询swap使用情况
swapon --show
vm.dirty_ratio和vm.dirty_background_ratio调整
验证默认值
sysctl vm.dirty_ratio
sysctl vm.dirty_background_ratio
查询所有脏页相关参数
sysctl -a | grep dirty
修改默认值
# 备份原配置
cp /etc/sysctl.conf /etc/sysctl.conf.bak
# 删除原配置文件中的相关参数
sed -i '/^vm.dirty_ratio/d' /etc/sysctl.conf
sed -i '/^vm.dirty_background_ratio/d' /etc/sysctl.conf
# 删除可能存在的旧dirty配置文件
rm -f /etc/sysctl.d/*dirty*.conf
# 注释掉kernel.conf中的相关配置(如果存在)
if [ -f /etc/sysctl.d/*kernel*.conf ]; then
sed -i '/^vm.dirty_ratio/s/^/#/' /etc/sysctl.d/*kernel*.conf
sed -i '/^vm.dirty_background_ratio/s/^/#/' /etc/sysctl.d/*kernel*.conf
fi
# 创建新的配置文件
cat << EOF | sudo tee /etc/sysctl.d/99-dirty-ratio.conf
# 内存脏页参数优化
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
EOF
# 应用新配置
sudo sysctl --system
# 验证配置
sysctl vm.dirty_ratio
sysctl vm.dirty_background_ratio
参数调优
cat > /etc/sysctl.conf << 'EOF'
# 文件描述符限制
fs.file-max = 6815744
# TCP 基础优化参数
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_frto = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_moderate_rcvbuf = 1
# 网络缓冲区优化
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 16384 33554432
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
# 网络转发设置
net.ipv4.ip_forward = 1
net.ipv4.conf.all.route_localnet = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
# TCP keepalive 参数
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
# BBR 拥塞控制
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
# 连接队列优化
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
# TIME_WAIT 优化
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# TCP 性能优化
net.ipv4.tcp_slow_start_after_idle = 0
EOF
sysctl -p && sysctl --system
或者
sudo cat > /etc/sysctl.conf << 'EOF'
# --------------------------
# 文件描述符与进程限制
# --------------------------
fs.file-max = 6815744
# --------------------------
# TCP 基础优化参数
# --------------------------
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_frto = 1 # 启用 F-RTO 优化
net.ipv4.tcp_mtu_probing = 1 # 启用 MTU 探测
net.ipv4.tcp_rfc1337 = 1 # 安全处理 TIME-WAIT
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_slow_start_after_idle = 0
# --------------------------
# 网络缓冲区优化
# --------------------------
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.rmem_default = 87380 # 默认接收缓冲区
net.core.wmem_default = 87380 # 默认发送缓冲区
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 87380 33554432 # 对齐接收缓冲区中间值
net.ipv4.udp_rmem_min = 16384 # 增大 UDP 最小缓冲区
net.ipv4.udp_wmem_min = 16384
# --------------------------
# 连接队列与超时控制
# --------------------------
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_syn_retries = 2 # 减少 SYN 重试次数
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_tw_buckets = 65536 # 限制 TIME-WAIT 数量
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
# --------------------------
# 内存与拥塞控制
# --------------------------
net.core.netdev_max_backlog = 262144 # 网络设备队列长度
net.ipv4.tcp_mem = 786432 1048576 1572864 # 全局 TCP 内存限制
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
# --------------------------
# Keepalive 与安全
# --------------------------
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.conf.all.rp_filter = 1 # 启用反向路径过滤
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.route_localnet = 0 # 关闭危险的路由选项
# --------------------------
# 网络转发与 IPv6
# --------------------------
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
# --------------------------
# 高级加速选项
# --------------------------
net.ipv4.tcp_fastopen = 3 # 启用 TCP Fast Open
EOF
sudo sysctl -p /etc/sysctl.conf
修改 systemd 限制
mkdir -p /etc/systemd/system/haproxy.service.d/ && echo -e "[Service]\nLimitNOFILE=200000" > /etc/systemd/system/haproxy.service.d/limits.conf && systemctl daemon-reload
添加 HAProxy 限制到 limits.conf
cat > /etc/security/limits.conf << 'EOF'
* soft nofile 200000
* hard nofile 200000
root soft nofile 200000
root hard nofile 200000
haproxy soft nofile 200000
haproxy hard nofile 200000
EOF
修改 profile:
echo "ulimit -n 200000" >> /etc/profile
确保 sshd_config 中启用 PAM:
sed -i 's/#UsePAM yes/UsePAM yes/' /etc/ssh/sshd_config
应用更改
# 重启 sshd 服务
systemctl restart sshd
# 使 profile 更改生效
source /etc/profile
# 验证设置
ulimit -n
重启
# 重新加载 systemd 配置
systemctl daemon-reload
# 重启 HAProxy 服务
systemctl restart haproxy
查询
ulimit -n
检测配置文件是否有效
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
重启
sudo systemctl restart haproxy
检查 HAProxy 服务状态:
systemctl status haproxy
获取 HAProxy 主进程 PID
pidof haproxy
检查主进程(root)的限制
cat /proc/45924/limits | grep "open files"
检查工作进程(haproxy)的限制
cat /proc/45926/limits | grep "open files"
查看当前信息, 安装socat:
apt-get update
apt-get install socat
查询
echo "show info" | socat unix-connect:/run/haproxy/admin.sock stdio
CurrConns 当前连接数
MaxConnRate 最大连接速率/每秒
CumConns 累计连接数